Multi-factor account recovery

When multi-factor authentication is set up by the administrator, the user starts creating their account by entering a username (email) and password.

After the username (email) and password are set up, the user is required to set up at least one second-factor authentication method: authenticator app or SMS.

The second-factor methods available to the users vary based on the settings applied by the administrator in the Management console. Passwords and Recovery codes are always available by default.

Account recovery steps

When multi-factor authentication is required for login, the user is first prompted to give their username (email) and password. Once verification is successfully completed, they are required to authenticate with any of the second-factor authentication methods they have set up.

The user may have difficulties with either of the two authentication steps. To recover their account, they need to go through the relevant account recovery steps.

Password

The user can set a new password by starting the password reset flow from the login page. An email with a code is sent to the email address registered to their account. After successful verification, the user can set a new password.

Password reset

  1. Enter the email address of the user account on the login page and click Continue.
  2. Click Forgot password? on the login page.
  3. Open the password reset email sent to the registered email address, and enter the code you received on the Email verification page.
  4. Click Verify. If verification is not successful, you can request a new code. If verification is successful, you can set a new password.
  5. Follow the prompts to enter a new password for your account.

Issues with second-factor authentication

If the user has issues with a second-factor authentication method, they can choose Try another way directly from the login page.

In addition to the default Recovery code method, any second-factor recovery method that the administrator has allowed in the Management console is available to the user.

If the user already has a specific second-factor authentication method set up, they can use it to authenticate.

Password reset with social login

When the user creates their account with social login, they can only recover their password for that social account through the recovery flow of that social identity provider.

Once the social login account password is recovered, the user can use it to continue logging in on the Identity Cloud login page.

Alternative account recovery path

When the user creates their account with social login, they can use the email address linked to their social account to recover their account with Identity Cloud. In this case, Identity Cloud recognizes that the email address the user enters is already registered with a social login account, and offers to create a password for that account in Identity Cloud.

Alternative recovery steps

  1. Enter the email address of the user account and click Continue.
  2. Click Forgot password? on the login page.
  3. Open the password reset email sent to the registered email address, and enter the code you received on the Email verification page.
  4. Click Verify. If verification is not successful, you can request a new code. If verification is successful, you can set a new password.
  5. Follow the prompts to enter a new password for your account.